CVE-2019-15260

Published: Oct 16, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could exploit this vulnerability by requesting specific URLs from an affected AP. An exploit could allow the attacker to gain access to the device with elevated privileges. While the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the AP, creating a denial of service (DoS) condition for clients associated with the AP.

Affected (12)

Products: Cisco: Aironet 1540 Firmware, Aironet 1560 Firmware, Aironet 1800 Firmware, Aironet 2800 Firmware, Aironet 3800 Firmware, Aironet 4800 Firmware

Cisco

6 products

Aironet 1540 Firmware

Aironet 1560 Firmware

Aironet 1800 Firmware

Aironet 2800 Firmware

Aironet 3800 Firmware

Aironet 4800 Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Aironet 1540 Firmware	From 8.5 to 8.5.151.0
Cisco Aironet 1540 Firmware	From 8.8 to 8.8.120.0

Running on/with	Platform Versions
Cisco Aironet 1540	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Aironet 1560 Firmware	From 8.5 to 8.5.151.0
Cisco Aironet 1560 Firmware	From 8.8 to 8.8.120.0

Running on/with	Platform Versions
Cisco Aironet 1560	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Aironet 1800 Firmware	From 8.5 to 8.5.151.0
Cisco Aironet 1800 Firmware	From 8.8 to 8.8.120.0

Running on/with	Platform Versions
Cisco Aironet 1800	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Aironet 2800 Firmware	From 8.5 to 8.5.151.0
Cisco Aironet 2800 Firmware	From 8.8 to 8.8.120.0

Running on/with	Platform Versions
Cisco Aironet 2800	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Aironet 3800 Firmware	From 8.5 to 8.5.151.0
Cisco Aironet 3800 Firmware	From 8.8 to 8.8.120.0

Running on/with	Platform Versions
Cisco Aironet 3800	All versions

Configuration F

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Aironet 4800 Firmware	From 8.5 to 8.5.151.0
Cisco Aironet 4800 Firmware	From 8.8 to 8.8.120.0

Running on/with	Platform Versions
Cisco Aironet 4800	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.